A Facebook bug let app developers see photographs users had uploaded, but never posted, the social network said.
For two weeks in September, an error in the way Facebook shares photographs with third parties meant that apps could see not only photos users had posted on their Newsfeed, but also pictures in other parts of the site — on Facebook Stories or Facebook’s Marketplace, for instance.
The bug also “impacted photos that people uploaded to Facebook, but chose not to post,” Facebook developer Tomer Bar said in a statement on Friday.
Importantly, the only applications that had access to the hidden photographs were those to which users had already granted access to all their public photos, through the company’s application programming interface, Bar said.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar said.
Users affected are those who had given permission to third-party apps to access their photos through the Facebook log-in function. There is no evidence that the bug led to any large-scale extraction of photos from the site.
“We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
The error is comparatively minor given Facebook’s scale.
In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information, including name, relationship status, search activity and recent location check-ins.
“The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as,’ a feature that lets people see what their own profile looks like to someone else,” Facebook vice president of product management Guy Rosen said at the time.
“It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.